This notice applies across all websites that we own and operate and all services we provide, including our online and mobile accounting and financial services products, and any other apps or services we may offer (for example, our mobile app (Pocket), events or training). For the purpose of this notice, we’ll just call them our ‘services’.
When we say “you” we mean, depending on the context, you as a Member, a Contact or a Visitor, where:
- “Member” means any person or entity that is registered with us to use the Services
- “Contact” means a person about whom a Member has given us information or who a Member contacts using our Services. For example, if you are a Member, a person whose details are in your CRM would be considered a Contact.
- “Visitor” means any person who visits any of our websites.
We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email.
This privacy notice was last updated on 12 January 2019.
Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Rex Software Pty Limited, Rex Labs Limited and all its wholly owned subsidiaries. Our headquarters are in Australia but we operate and have offices all over the world. Address details for all Rex offices are available on our Contact us page.
We provide an online sales, marketing and management service designed especially for real estate agencies and agents. At the core of our service is a CRM known as Rex. If you want to find out more about what we do, see the Rex about page.
For European Union data protection purposes, when we act as a controller in relation to your personal data, Rex Labs Limited (company number11241778) is our representative in the European Union.
Our principles of data protection
Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.
- Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
- Enablement: We enable connections and efficient use of personal data to empower productivity and growth.
- Security: We champion industry leading approaches to securing the personal data entrusted to us.
- Stewardship: We accept the responsibility that comes with processing personal data.
How we collect your data
How we collect data for members and visitors
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
- Information you provide to us directly:
When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free trial, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support.
If you purchase the Services, you may need to provide us with payment and billing information, such as your credit card details and billing address. In order to use certain parts of the services, you also provide us with information about your Contacts, such as their names and email addresses. We use and process this information to provide the Services in accordance with your instructions.
If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
- Information we collect automatically:
We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our cookie notice.
- Information we get from third parties:
The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
How we collect data for contacts
For purposes of this section, ‘you’ and ‘your’ refers to Contacts.
We collect and process about you when Members use our Services and we process your personal data on their behalf. The ways we collect your data can be broadly categorised into the following:
- Information we receive about you from Members:
A member may provide personal data about you to us when using the Services. For example, when a member enters your name, number and email address into our website or service, adds notes about their engagement with you or uses the services to send you an email. You may have the opportunity to update some of this information by electing to update or manage your preferences via emails sent or dashboards provided by a Member.
- Information we collect automatically:
we collect some information about you automatically when you interact with information (like emails) that Members send using our services, or when you browse a member’s website. This includes information like your IP address, device type and the way you interact with the email or website. Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our cookie notice.
- Information we get from third parties:
Sometimes we might collect personal data about you from other sources, like publicly available information and information from trusted third parties like our marketing and research partners or social media platforms. We make sure that any third parties are legally allowed to share your information with us. We use this information to help provide Services that let our Members give you a more relevant and effective service.
Our Members’ approach to privacy and security might be different to ours. If you’re someone who doesn’t have a relationship with us, and a Member has entered your personal data into our websites or services, you’ll need to contact that Member for any questions you have about your personal data (including where you want to access, correct, amend, or ask that the Member delete, your personal data).
How we use your data
First and foremost, we use your personal data to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
- To communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required
- To send to you operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- marketing communications (about Xero or another product or service we think you might be interested in) in accordance with your marketing preferences
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
- To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
- To bill and collect money owed to us by you. This includes sending you emails, invoices, receipts, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties collect billing information to track your orders and credit card payments.
- To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services and the personal information of Contacts so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
- To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
- To analyse, aggregate and report: We may use the personal data we collect about you, Contacts and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties
- To improve our services: We may use information like your your Contacts’ details and your engagement with them, so we can make more informed predictions, decisions, and products for our Members.
For example, we may use data from Member accounts to recommend better products or enable prediction tools to identify Contacts likely to purchase a property. We will act as a data controller to process data for our data analytics projects in reliance on our legitimate business interests of improving and enhancing our products and services for our Members. We take the privacy of personal data seriously, and will continue to implement appropriate safeguards to protect personal data from misuse.
If you or your Contact prefers not to share this data, you can contact us at any time by email us at email@example.com
- For our data analytics projects: For our data analytics projects. Our data analytics projects use data from Member accounts, including your personal data, to provide and improve the Services. We use information, like your email engagement history, provided to us by Members, so we can make more informed predictions, decisions, and products for our Members. If you’d rather not to share this data, you can opt out of data analytics projects at any time by emailing us firstname.lastname@example.org.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- other companies in the Rex group of companies
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
other people where we have your consent.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to Australia where some of our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
How long we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with Services or to comply with any laws). Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to set the retention period:
- Whether we have a legal or contractual obligation.
- Whether we need the data to provide our Services.
- Whether our Members have the ability to access and delete the data within their accounts.
- Whether our Members would reasonably expect that we would retain the data until they remove it or until their accounts are closed.
When we no longer have an ongoing business need to retain we’ll make sure your data is deleted or anonymised or, if this is not possible (for example, because it’s been stored in backups), then we’ll securely store your data and isolate it from any further access until deletion / anonymisation is possible.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to email@example.com.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to firstname.lastname@example.org.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is firstname.lastname@example.org.